Practical Threat Hunting and Incident Response: A Case of a Pony Malware Infection
Most organizations opt for incident response only after a catastrophic cyber security event has taken place. Incident response and threat hunting focus on events that happen after an endpoint is hit by a cyber attack, for example a malware infection. One of the main goals of a holistic approach to threat hunting and incident response is to determine the extent of the damage done by the attack and to recover as much as possible from it.
In this blog post, I will present a scenario of threat hunting and incident response following a malware infection on an endpoint.
The first step in threat hunting is to look for infection markers, and a basic way to spot a malware infection is to look for suspicious running processes.
We quickly locate a suspicious running process named Pckntl.exe. This is what most people do next: upload the file to VirusTotal, but often...
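As an added illustration of that first hunting step (example code, not from the original post), the script below triages a constructed process snapshot against a known-good baseline: every name, path, baseline entry and file content in it is made up, so the hash it prints is not an indicator of anything.

```python
"""Added example (not from the original post): triage a constructed process
snapshot the way the post's first hunting step describes, flagging processes
that are not in a known-good baseline or that run from user-writable locations."""
import hashlib
import re
from dataclasses import dataclass

# Baseline of expected image paths on this hypothetical workstation build.
BASELINE = {
    r"c:\windows\explorer.exe",
    r"c:\windows\system32\svchost.exe",
    r"c:\windows\system32\lsass.exe",
}

# Directories a legitimate service binary rarely runs from (constructed list).
SUSPICIOUS_DIRS = re.compile(r"\\(temp|appdata\\local\\temp|appdata\\roaming)\\", re.I)

@dataclass
class Proc:
    pid: int
    name: str
    path: str
    image_bytes: bytes  # file contents, hashed so the analyst can do a reputation lookup

def triage(procs):
    """Return a list of (pid, name, reasons, sha256) for processes worth examining."""
    findings = []
    for p in procs:
        reasons = []
        if p.path.lower() not in BASELINE:
            reasons.append("not in baseline")
        if SUSPICIOUS_DIRS.search(p.path):
            reasons.append("runs from user-writable directory")
        if reasons:
            digest = hashlib.sha256(p.image_bytes).hexdigest()
            findings.append((p.pid, p.name, reasons, digest))
    return findings

# Constructed snapshot; Pckntl.exe is the suspicious process named in the post,
# but its bytes here are dummy, so the resulting hash is NOT a real indicator.
SNAPSHOT = [
    Proc(4, "explorer.exe", r"C:\Windows\explorer.exe", b"explorer-stub"),
    Proc(812, "svchost.exe", r"C:\Windows\System32\svchost.exe", b"svchost-stub"),
    Proc(3120, "Pckntl.exe", r"C:\Users\alice\AppData\Local\Temp\Pckntl.exe", b"pckntl-stub"),
]

if __name__ == "__main__":
    for pid, name, reasons, digest in triage(SNAPSHOT):
        print(f"{pid:>5} {name:<14} {', '.join(reasons)}  sha256={digest}")
```

The hash is what you would look up in a reputation service such as VirusTotal before deciding whether to pull the binary for deeper analysis.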